Menu
  • Home
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | forensics & things

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Font size: + –
Subscribe to this blog post Unsubscribe
Report
Print
7 minutes reading time (1351 words)

Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

Digital Forensics
Brett Shavers
Saturday, 17 August 2019
6430 Hits
0 Comments

You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits.  In fact, you can probably enjoy the benefit of the lessons more quickly than spending months of being bombarded with ‘training’ every day..recruits have no clue of the value of most lessons that they experience on a daily basis until years after graduating boot camp. You can most likely get it the first day at this stage of working in DFIR, because you know the problems that need to be solved already. You just need a gentle push to the solutions.

These are my Top 10 Marine Corps Boot Camp Lessons for DFIR success

1.  Set the example

Be the leader that you want to follow. Set the example that others want to emulate. If you are not in charge, support the leader as you would want to be supported. You can’t force others to stop complaining or do a better job; but you can do your best so that others may follow, whether you are in charge or not. Take the initiate. Get the job done. This is the person everyone Looks to for answers and direction.

2.  Communicate

Effective communication sets the stage for success. Give clear and concise directions for the casework to be handled. Be sure that you understand the directions given to you. Brief-back (ie; paraphrase back to make sure you understood) your mission and only start your work when you know what the work is.  Communicate throughout the engagement and tasks as an essential part of the work. Share information. This is you being the one who understands the big Picture.

3.  Mission first

Get the job done. Do what you are being paid to do. Learn the skills needed for your job title and responsiblities. Overcome adversity in getting the job done; It is never easy and that is why you were tasked to get it done. You are the only one that can do it, so get it done. This is you being the person that is known as able to get things Done.

4.  Keep calm

Panic breeds panic. Panic destroys confidence in those around you. There is no situation where panic will be helpful, so keep calm by focusing on finding solutions. Abstract reasoning will solve more problems than any scientific model ever will. Reassure others with your command presence and confidence. This is you being the Rock in the storm.

5.  Attention to detail

Take care of the little things, and the big things will take care of themselves. Taking care of the little things takes only small bits of time but not only will save large chunks of time later but will also reduce the risk of failure.  Look for the little things and make sure they are taken care of. Even something as simple as checking the appropriate box on a check sheet, or making sure you check for the common things in an exam that you should always check, like certain registry keys that commonly hold forensic clues. This is you doing everything Right.

6.  Learn from mistakes

You make mistakes. I make mistakes. We all make mistakes. The chasm between making mistakes and owning them is huge!  If you didn't write-protect the evidence while imaging, fess up to it. When (not if) you make your next mistake, identify it, and most importantly - own it. Be accountable. Be responsible. Fix it. Learn from it. Better yet, learn from the mistakes of others.  Even better, teach others about your mistakes so they can learn.  This is you being a Mentor and coach.

7.  Be honest

Be honest with yourself. Know your limitations. But also know your stuff. Do only that which you can do before needing assistance. Be honest with your supervisors and subordinates. The truth of an error or unexpected (ie: unwanted) analysis finding may sting now, but not as nearly much as a lie will hurt later. Be the person whose word is the Gold standard.

8.  You need a team

Drop everything to help a teammate. Your job cannot be done alone or in a vacuum. To claim to know all is to state that you don’t even know that you don’t even know. Choose your team wisely, accept no one can do everything alone, connect each other by individual strengths, and acknowledge their individual and team successes. Assign tasks not by rank or title, but by capability and competence. Be an effective team Leader.

9.  Security

A Marine on duty has no friends. That means to not make any exception for anyone that will cause a break in security. Make for no lapse in security for no one or no thing. Without security, most any work can be lost, including reputations and even entire organizations. If responsible for security, you are the Lock.  

10. Be grateful

No one promised you a rose garden. Being comfortable never solved a problem. Make discomfort your friend. If the job was easy, anyone could do it and it would pay barely above minimum wage. Appreciate the slow times because the hectic times are waiting for you.  Appreciate your team as they will be the ones who solve problems by working together toward a common goal. Appreciate and comprehend the seriousness of every task we have, whether that involves any part of securing a national infrastructure, ensuring that justice is served in a legal matter, or that a hard drive has been stored appropriately. Be Gracious of the gratitude of others.

The list of lessons from boot camp has filled books, created many successful people and organizations, won wars, and saved lives. And the lessons are not proprietary. They can be learned and used by anyone looking for an edge to success or problem-solving solutions.

What’s the biggest problem to solve?

I have found that the most difficult problem to solve is that of a lack teamwork because of not having a leader take charge to lead the team to success. By “leader”, I mean the person who is the leader by action and influence, not by title or paygrade.  This is where a bully in a team can be the leader and destroy a team, yet any team member can do just the opposite by leading from within, title irrelevant. An effective team can solve any problem. Build the team and rule over any problems.

How long does it take for a team to follow and trust a leader?

That depends on you and the team members. How do you handle yourself? How to you treat others? How do you exhibit confidence? How formed is the team now? The time it takes is basically "It depends. But few situations are impossible to fix in regards to building and encouraging an effective team.

One day, many many years ago, I was placed in charge of a different squad unexpectedly and gave my first orders to a team of Marines that I never met before; but I did it as if I knew them all my life, with the expectation that I would lead them in the same manner that I would want follow another, and in a manner that no order I give would be any different than anything I have done or would do. After the first formation, I heard one Marine ask another, “Who is that guy?”, with a reply of, “I don’t know, but he knows his shit.” We made a good team; every single one of them. I was honest, forthcoming, admitted mistakes, asked for suggestions, supported them, disciplined in private, and praised in public.  All the things I want to see in a leader.

The key of Marine leadership is nothing that you see in the movies. Marines follow leaders not due to threats or yelling, but simply in the respect, trust, and confidence of the Marine leader.  Boot camp has a lot of yelling and screaming, but that is just to get the lessons across in a short period of time. After the lessons are learned, it’s gravy train from there.

Tweet
Share on Pinterest
0
If you are comfortable in DFIR, you might be doing...
Personality of a computer

About the author

Brett Shavers

Brett Shavers

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Saturday, 23 January 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/

direct link

Brett's blog

Posts List

Tag Cloud

Registry Forensics Jimmy Weg book Hiding Behind the Keyboard phishing North korea X-Ways Forensics presentations 4cast gmail privacy Virtualization expert windows forensic environment bitcoin forensics bitcoin email forensics University of Washington writing Placing the Suspect Behind the Keyboard investigation winfe Hacker tor browser case studies windows fe Windows Forensic Environment investigations RegRipper Bitcoin Forensics X-Ways Forensics Practitioner's Guide wiretap dfir imaging Volume Shadow Copy training surveillance

Search Blog

Most popular posts

Brett Shavers
Brett Shavers
06 December 2015
RegRipper
RegRipper
Digital Forensics
The short story-if you want RegRipper, get it from GitHub (don't download it from anywhere else)http://github.com/keydet89What is RegRipper?RegRipper was created and maintained by Harlan Carvey. ...
0
38743 Hits
3 comments
Read More
Brett Shavers
Brett Shavers
25 April 2019
Game of Thrones, DFIR Style
Game of Thrones, DFIR Style
Digital Forensics
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little deeper. Actually, I didn’t have to dig far at all to find trul...
0
37227 Hits
0 comments
Read More
Brett Shavers
Brett Shavers
10 September 2019
The Five Stages of the DFIR Career Grief Cycle
The Five Stages of the DFIR Career Grief Cycle
Digital Forensics
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig, that I was honored that he agreed to write the foreword of a book that Eric Zimmerma...
1
36763 Hits
0 comments
Read More

Magnet Forensics Conversation

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.


Even better, support DFIR Training by subscribing at https://www.dfir.training/subscribe-3 and get access to multiple online courses in digital forensics with included ebooks!

More posts

Date
Date
  • When OSINT is turned into the Baseball Bat of Internet Mob Justice

    When OSINT is turned into…

    When OSINT is turned into the Baseball Bat of Internet Mob Justice

    We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we…

    Thursday January 14

    by Brett Shavers

    5553 hits / 0 comments

  • I took a look at Instagram's Terms of Service so that you won't have to.

    I took a look at…

    I took a look at Instagram's Terms of Service so that you won't have to.

    Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply…

    Saturday December 26

    by Brett Shavers

    8534 hits / 0 comments

  • White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user

    White Paper: The Susceptibility of…

    White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user

    I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here is my white paper analysis.#1 - If...

    Wednesday December 16

    by Brett Shavers

    4650 hits / 0 comments

  • How long does it take to get into the DFIR field?

    How long does it take…

    How long does it take to get into the DFIR field?

    Question I received: How long does it take before I can expect to get into a DFIR career?Answer: It depends!It depends on your available resources +…

    Thursday November 12

    by Brett Shavers

    14893 hits / 0 comments

  • An expert is just one page in a book ahead of you

    An expert is just one…

    An expert is just one page in a book ahead of you

    Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded…

    Friday October 30

    by Brett Shavers

    5825 hits / 0 comments

  • Should you improve your DFIR skills on your personal time?

    Should you improve your DFIR…

    Should you improve your DFIR skills on your personal time?

    Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at…

    Friday September 04

    by Brett Shavers

    28344 hits / 0 comments

  • TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.

    TikTok is like a big,…

    TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.

    Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you can find.  You know that the cheeseburger is unhealthy,…

    Tuesday July 07

    by Brett Shavers

    24017 hits / 0 comments

  • Jessica Hyde and I talk about forensic stuff

    Jessica Hyde and I talk…

    Jessica Hyde and I talk about forensic stuff

    Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics.  In case you missed it, here it is!

    Thursday June 11

    by Brett Shavers

    10735 hits / 0 comments

  • Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection

    Facebook Spoofing: Your Reputation, Investigations,…

    Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection

    A “new” article on imposter Facebook accounts was published today in the Philippines.  I put “new” in quotes because this is not a new issue,…

    Sunday June 07

    by Brett Shavers

    2662 hits / 0 comments

  • You do not want to work in DFIR.

    You do not want to…

    You do not want to work in DFIR.

     The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…

    Thursday June 04

    by Brett Shavers

    3278 hits / 0 comments

  • COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.

    COVID-19’s Investigative Impacts on Digital…

    COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.

    The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…

    Saturday April 25

    by Brett Shavers

    16858 hits / 0 comments

  • Mini-WinFE 10 and WinFE 10 Updated

    Mini-WinFE 10 and WinFE 10…

    Mini-WinFE 10 and WinFE 10 Updated

    The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded.  I update WinFE developments (including the downloads for…

    Sunday April 05

    by Brett Shavers

    10816 hits / 2 comments

  • Eat your broccoli first

    Eat your broccoli first

    Eat your broccoli first

    Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…

    Saturday January 18

    by Brett Shavers

    30970 hits / 0 comments

  • The Second Decade of the 2000s is almost over!

    The Second Decade of the…

    The Second Decade of the 2000s is almost over!

    We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…

    Thursday December 26

    by Brett Shavers

    10720 hits / 0 comments

  • Public Records

    Public Records

    Public Records

    I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…

    Thursday December 12

    by Brett Shavers

    5221 hits / 0 comments

  • The Five Stages of the DFIR Career Grief Cycle

    The Five Stages of the…

    The Five Stages of the DFIR Career Grief Cycle

    I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…

    Tuesday September 10

    by Brett Shavers

    36763 hits / 0 comments

  • Our World is Going to Turn Upside Down with DeepFakes

    Our World is Going to…

    Our World is Going to Turn Upside Down with DeepFakes

    The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…

    Sunday September 01

    by Brett Shavers

    4455 hits / 0 comments

  • If you are comfortable in DFIR, you might be doing it wrong

    If you are comfortable in…

    If you are comfortable in DFIR, you might be doing it wrong

    I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…

    Thursday August 29

    by Brett Shavers

    4803 hits / 0 comments

  • Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

    Everything I Needed to Know…

    Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

    You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits.  In fact, you can probably enjoy the…

    Saturday August 17

    by Brett Shavers

    6431 hits / 0 comments

  • Personality of a computer

    Personality of a computer

    Personality of a computer

    From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…

    Wednesday July 31

    by Brett Shavers

    5082 hits / 0 comments

© 2021 Brett Shavers